MiniDuke variant, ‘CosmicDuke,’ aimed at new targets

July 8, 2014

A variant of espionage malware that plagued government entities and other organizations across the globe has returned with a new toolset and a different set of victims.

MiniDuke, customized malware that previously took advantage of a patched Adobe Reader vulnerability, has been discovered by Kaspersky researchers to once again be active, only now attackers have created a variant of the malware.

Dubbed “CosmicDuke” or “TinyBaron,” the new backdoor is likely spread as an exploit attachment via spearphishing and spoofs popular applications such as Java, Google, and Adobe – mimicking attributes such as file size, information, and icons, Kurt Baumgartner, principal security researcher at Kaspersky Lab, told SCMagazine.com in an email correspondence.

Additionally, a new set of victims is being targeted.

“Some are clustered around controlled and illegal substances, and others are clustered around telecoms, government, military, and energy [sectors],” Baumgartner said.

Marcos Colón

United States Department of the Treasury seal

Identity

BeyondTrust breach hits US Treasury Department

SC StaffDecember 31, 2024

The U.S. Treasury Department was confirmed to have its computers and documents compromised by Chinese state-backed advanced persistent threat hackers in an attack targeted at its BeyondTrust Remote Support software-as-a-service instance just over a week after the BeyondTrust breach was initially reported, reports BleepingComputer.

China Flag Made of Binary Code and Chinese Symbols on Red Backgr

Critical Infrastructure Security

Another US telco breached by Salt Typhoon as AT&T, Verizon acknowledge compromise

SC StaffDecember 30, 2024

Nine U.S. telecommunications firms were confirmed by U.S. officials to have been compromised by Chinese state-backed threat group Salt Typhoon as part of its sweeping cyberespionage operation, with the newly-added unnamed entity's networks breached to facilitate geolocating activities for millions of individuals, Reuters reports.

Russia flag is depicted on the screen with the program code. The concept of modern technology and site development.

Critical Infrastructure Security

Italian websites subjected to pro-Russian DDoS attack campaign

SC StaffDecember 30, 2024

Security Affairs reports that numerous Italian websites — including those of the country's Ministry of Foreign Affairs, the Turin Transport Group, and the Linate and Malpensa airports — have been compromised as part of a distributed denial-of-service attack by pro-Russian hacktivist operation NoName057, which noted the intrusions to have been launched in retaliation of "Italian Russophobes."

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

MiniDuke variant, ‘CosmicDuke,’ aimed at new targets

Related

BeyondTrust breach hits US Treasury Department

Another US telco breached by Salt Typhoon as AT&T, Verizon acknowledge compromise

Italian websites subjected to pro-Russian DDoS attack campaign

Related Events

Healthcare Cybersecurity: Protecting Lives in a Digital Age

Supercharging your threat intelligence with the tools you already have

Building an effective cybersecurity metrics program

Get daily email updates